Tutorials - Disabling restore

Summary: Information on disabling the restore utility when infected objects are in the restore database.
Updated: 20th March 2002
Author: Matt Ham
Company: Virus Bulletin

Procedure

The Restore utility is designed to retain a copy of important system files so that these can be extracted to replace any files deleted. Unfortunately, many anti-virus products cannot delete or disinfect files in the System Restore area (usually C:\_Restore), and these files can become infected.

In order to remove this source of infection the System Restore feature must be disabled, the files removed and then System Restore may be re-enabled. To do this the following procedure should be followed:

  • Right-click on the My Computer icon.
  • Select Properties and then the Performance tab.
  • Select File System and the Troubleshooting tab.
  • Select the option 'Disable System Restore'.
  • Select Apply and then Close twice. The System Restart prompt will appear.
  • Restart the computer.

The restarted machine will now have a C:\_Restore folder which can be disinfected or the files within it can be deleted or moved as desired.

In order to restore the System Restore function, the above process should be followed once more, with step four being reversed.

Poll

Should anti-virus software be free for personal use?
Yes
No
I don't know

Leave a comment
View 46 comments
Jobs Career Sidebar

Virus Bulletin

In this month's magazine:
  • Public liability insurance for computer intrusion
  • VB100 December 2008 - Windows Vista x64
  • Anti-unpacker tricks - part one
  • Repercussions of dynamic testing
  • Frame4: in the picture
  • Fighting phishing at the browser level
Virus Bulletin 12 2008
Subscribe now!
Virus Bulletin currently has 144,438 registered users.